SC Congress Atlanta: Apple right to rebuff FBI, encryption not foolproof, panel says
Time Warner's Gary Phillips and Jones Day's Kevin Morrison discussed the implications of the Apple/FBI conflict at SC Congress Atlanta.
Apple did the right thing by rebuffing the Federal Bureau of Investigation's (FBI) attempt to get it to crack an iPhone 5c and tech companies that don't show similar backbone might find potential customers hesitant to purchase their products, according to a panel at SC Congress in Atlanta Tuesday.
"If I know a company has willingly built back doors into their products, from a purchasing perspective, it's a factor I take into consideration," said Kevin Morrison, head of information security for Jones Day, even if those backdoors are there for maintenance purposes.
That kind of thinking likely shored the Cupertino, Calif.-based company's resolve in taking on the government. Self-described "Apple geek" Gary Phillips, CISO of the Enterprise Infrastructure Services (EIS) division of Time Warner, said he wouldn't "attribute to Apple any high-minded ideas. I think they protected their market."
If Apple had capitulated, it likely would have set the tone -- and the legal underpinnings -- for future battles between tech companies and government. "The law is funny," said Phillips. "If you do it once, you establish legal precedence."
And the kind of legal precedence that requires companies like Apple to bend to government would compromise security, the panelists agreed. "If you build a backdoor, bad actors would find it," said Morrison.
But the Apple/FBI clash raises a number of questions, among them whether the public would be willing to sacrifice privacy for security and if there are limits to how much cooperation with government can be mandated.
"I don't know how much mandating can be done," said Morrison. "If the tech industry gets together and says no, I don't know what government can do."
The panelists cautioned against putting too much stock in encryption, because it won't offer foolproof, long-term protection.
"Anything that you encrypt can be decrypted," said Phillips, adding that the most the public can depend on is a "certain longevity" of protection and that period is getting shorter as technology advances.